Adobe Acrobat Help Page XSS

Medium Nessus Plugin ID 77813


The version of Adobe Acrobat on the remote Windows host is affected by a cross-site scripting vulnerability.


The version of Adobe Acrobat installed on the remote host is a version equal to or prior to 9.5.2. It is, therefore, affected by an input validation error related to the Help page that can allow cross-site scripting attacks.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Upgrade to Adobe Acrobat 10.1.11 / 11.0.08 or later.

See Also

Plugin Details

Severity: Medium

ID: 77813

File Name: adobe_acrobat_CVE-2014-5315.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2014/09/23

Modified: 2015/02/02

Dependencies: 40797

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:adobe:acrobat

Required KB Items: SMB/Registry/Enumerated, installed_sw/Adobe Acrobat

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/11/15

Vulnerability Publication Date: 2014/09/12

Reference Information

CVE: CVE-2014-5315

BID: 69791

OSVDB: 111397

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990